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ABSTRACT 



An integrated circuit accesses encrypted data stored in an 
external memory, the integrated circuit includes a main 
memory for storing decrypted data. A processor within the 
integrated circuit utilizes the decrypted data in the main 
memory. A soft secure memory management unit (SMMU), 
within the integrated circuit, monitors data accesses by the 
processor. The soft SMMU signals the processor when the 
processor attempts to access first data which is not within the 
decrypted data in the main memory but is within the 
encrypted data stored in the external memory. When the soft 
SMMU signals the processor, the processor oversees trans- 
fer of the fiist data from the external memory and oversees 
decryption of the first data. 

19 Claims, 5 Drawing Sheets 
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SECURE MEMORY MANAGEMENT UNIT data stored in an external memory, the integrated circuit 

WHICH UTILIZES A SYSTEM PROCESSOR includes a main memory for storing decrypted data. A 

TO PERFORM PAGE SWAPPING processor within the integrated circuit utilizes the decrypted 

BACKGROUND main memory. A soft secure memory manage- 

5 ment unit (SMMU), within the integrated circuit, monitors 

The present mvenlion concerns memory management in a data accesses by the processor. The soft SMMU signals the 

computer system designs and pertains particularly to a processor when the processor attempts to access first data 

secure memory management unit which utUizes a system which is not within the decrypted data in the main memory 

processor to perform page swapping. ^ut is within the encrypted data stored in the external 

In order to protect against theft or misuse, secure infor- njemory. When the soft SMMU signals the processor, the 

mation within a computing system can be encrypted before processor oversees transfer of the first data from the external 

being stored m the memory for the computing system. When ^ ^^^^^ decryption of the fiist data, 

a secure integrated arcuit uses the secure mformation, the ... c . . . r o*-wtt • . , 

secure information is transferred to the integrated circuit and preferred embodiment, the soft SMMU includes 

decrypted before being used. Secure information reUimed to ^^"^^^ registers which indicate where in the external memory 

the memory for the computing system is encrypted before 35 the encrypted data is stored. A comparison circuit deter- 

being stored. mines whether an address of the first data is within a range 

Typically, decryption and encryption is handled by a specified by the limit registers. The soft SMMU also 

secure memory management unit (SMMU) on the integrated includes current page information registers which indicate 

circuit. When a processor requires the use of a page of secure information about pages of data stored in the main memory, 

information, the secure memory management unit on the 20 Additional comparison circuits determine whether an 

iiitegrated circuit obtains the page of secure information, address of the first data is within the pages of data stored in 

decrypts the page of secure information and places the data the main memory. 

in a cache memory for access by the processor. ITie cache is In the preferred embodiment, when second data needs to 

typically implemented using static random access memory swapped back from the main memory to the external 

(SRAM). 25 memory, the processor oversees encryption of the second 

If, in order to bring in the page of secure information, a data and oversees transfer of the second data to the external 

"dirty** page of information needs to be swapped out to memory. In the preferred embodiment, the processor uses an 

memory, the SMMU performs the swap out of the "dirty" encryption engine which to decrypt the first data and encrypt 

page of information before the new page is placed in the the second data. For example, the encryption engine per- 

cache.A"dirty"pageof information is a page of information 30 forms a DBS encrypt operation to decrypt the first data, 

which has been written to while in the cache where the Likewise, the encryption engine performs a DES decrypt 

changes made have not been written out to the system operation to encrypt the second data. Alternatively, other 

memory. If the "dirty" page of information contains secm^e encryption/decryption algorithms may be used, 

information, the SMMU first encrypts the page before Also in the preferred embodiment, a memory controller is 

swapping the page out to system memory. While perfonming 35 used to access unencrypted data stored in the external 

page swapping the SMMU holds off the processor while memory. 

pages are being swapped to and from the processor cache. The present invention provides an SMMU whose func- 

One problem with typical hardware implementations of tionality is shared between dedicated hardware and software 

an SMMU is that to implement the functionality of an processes run by the system processor. This design of the 

SMMUrequiresalotofgatesandcomplexity. However, for 40 SMMU reduces gate complexity of the integrated circuit 

each particular project, the requirements for an SMMU may while increasing the flexibility of operation of the SMMU. 

change requiring significant redesign of .he SMMU^ g^j^p DESCRiraON OF THE DRAWINGS 

Additionally, for typical implementations of SMMUs, 

considerable design time is required to configure the SMMU . ^ ^ ^ simpHfied block diagram of an integrated 

and once the final implementation is reached, the configu- 45 circuit which includes a soft secure memory management 

ration of the SMMU can no longer be changed. See, for accordance with the preferred embodiment of the 

example, the VLSI Part Number VMS 310 and VLSI Part prcscni invention. 

Number VMS 320 both available from VLSI Technology, FIG. 2 is a simplified block diagram of the soft secure 

Inc., having a business address of 1109 McKay Drive, San memory management unit shown in FIG. 1 in accordance 

Jose, Calif. 95131. 50 with the preferred embodiment of the present invention. 

In order to lessen the amount of hardware used to imple- FIG. 3 is a simplified block diagram which shows data 

ment an hardware SMMU, a hardware DMA can be added flow of secure information from an external system memory 

to the integrated circuit to detect a page miss by the into cache memory within the integrated circuit shown in 

processor. After detecting a page miss, the DMA holds off FIG. 1 in accordance with the preferred embodiment of the 

the processor until the DMA has loaded and decrypted the present invention. 

next page of information. This requires the DMA to sit FIG. 4 illustrates usage of registers within the soft secure 

in-line with the processor and the memory subsystem. The memory management unit shown in FIG. 1 in accordance 

DMA hardware also has to move the data through the with the preferred embodiment of the present invention, 

encryption core and into the cache memory space. Such an FIG. 5 is a simplified block diagram which illustrates data 

implementation requires special care to meet timing and flow for a data miss within the integrated circuit shown in 

memory bus requirements. See, for example, the VLSI Part FIG. 1 in accordance with the preferred embodiment of the 

Number VMS 310 and VLSI Part Number VMS 320 both present invention. 

available from VLSI Technology, Inc. DESCRIPTIGN OF THE PREFERRED 

SUMMARY OF THE INVENTION ^5 EMBODIMENT 

In accordance with the preferred embodiment of the FIG. 1 is a simplified block diagram of an integrated 

present invention, an integrated circuit accesses encrypted circuit which includes a system processor 12, a soft secure 
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memory management unil (SMMU) 13 and a main memory within the page limits in limit registers 22, a WITHIN flag 

14 connected to a processor bus 11. For example, processor on a line 33 is asserted true. 

11 is an ARM7TDMI processor or another processor that Registers 24 contain information (e.g., start address and 

may be included on an integrated circuit. Main memory 14 page size) of a "page 0" of data stored in pages 15 of main 
is, for example, implemented as a static random access 5 memory 14. A comparison circuit 25 compares the infor- 

memory (SRAM). A hardware encryption core 16 may be nation in registers 24 with the address on address lines 21 

mcluded. Alternatively, encryption/decryption may be per- of processor bus U to determine whether the address on 

formed by system processor 12. For example, encryption address Unes 21 addresses data stored in "page (T' of data 

and decryption is performed in accordance with the Data stored in pages 15 of main memory 14. When the address on 
Encryption Standard (DES). See for example, Data Encryp- lO address Unes 21 addresses data stored in "page (T' of data 

tion Standard (DES), Federal Information Processing Stan- stored in pages 15, an "EQO" flag on a Une 30 is asserted true 

dards Publication (HPS PUB) 46-2, Dec. 30, 1993 available p,„. , %a . • • r r ^ . * a 

f .LiioA., ! c r> T-Li Registers 26 contain information (e.g., start address and 

rrom the U.S. Department of Commerce, Technology • \ r « im cj . . j ■ i*- r 

Administration, National Institute of Slanda;ds and Tech- ^^^^ "'^ f\ P'^' ^ . °^ ^""^ ^.f,^ P^S" 15 "f „ain 

1 o 1 nro XM J T ^ J 1 I r mcmory 14. A comparison cu-cuit 27 compares the infor- 

nology. See also 0£5 A/ofle5 0/ Operflrww, Federal Infor- is ^.,t;^„ ,„ «„v*^ tjc »u aa aa i- >ii 

« *• n • o* ^ J f^ui- *■ /™o nTrr.x oi mation m registers 26 with the address on address Imes 21 

mation Processing Standards Publication (FIPS PUB) 81, r . it.j* • *u 

r» o moA 1 ui f *u iTc . \ c processor bus 11 to determme whether the address on 

Dec. 2, 1980 available from the U.S. Department of i- aa a * . a a i» c a . 

^ _ . 1 „ f c. J J Au *• 1 address hnes 21 addresses data stored m page 1 of data 

Commerce, National Bureau of S andards. Alternatively, ^^ ^5 ^ ^^^^^ 

some other encrypt.on/deayption algonthm tnay be used. ^^^^^^^ jl addresses data stored in "page 1" of data 
Soft SMMU 13 takes advantage ofsystem processor 12 to 20 stored in pages 15, an "EOl" flag on a line 31 is asserted 

handle page allocation and data movement for page updates. true 

Functionary of soft SMMU 13 is reduced to maintaining ^ ^j, 

page mfonnalton and inprmg an abort of the memory ^.^^^^ circuitry. For example, registers 28 contain informa- 

cycle on a page miss. System processor 12 can mterrupt the ^ start address and page size) of a "page N" of data 

abort as a page miss and update the page registers m the soft . \ • tec • ^ ^ i . ^ ^ . 

Q\ATiAi\ t-x ^rx.^ » Lx AA AA *j stored m pagcs 15 of main mcmory 14. A comparison circuit 

SMMU 13. Fhe new page can then be loaded and decrypted ^q^„ „^7,u • f • -lo %u .u 

, . 1-1 11 .a L-i- • 29 compares the information in registers 28 with the address 

by system processor 2. Thus allows great flexibility m the on addrL lines 21 ofprocessor bus 11 to determine whether 

determmauon of multiple pages write back capability, or ^^^^^^ ^^^^^ 31 addresses data stored in 

lockmg pages that are used often. As mentioned above, « xr» e a * * a ■ ter • 
u A t' 1^- * ' A c ^ 1 in page N of data stored in pages 15 of main memory 14. 
hardware encryption core 16 is not requu-ed for low end 30 when the address on addr J lines 21 addresses data stored 

applications or tor simple encryption methods. For these . kt" j ♦ * j • if «T-yn,xT» a 

,j ^ / . . , m page N of data stored m pages 15, an EON flag on a 

case an encryption/decryption algonthm can be resident on line 32 is asserted true » ' ^ & 
system processor 12. 

T f J u J- . A -.1.- Limit registers 22 and registers 24, 26 and 28 can be 

In the preferred embodiment, the hardware withm soft jl tt.- n r .a -i- ■ 
civxx^fTT A J 1 Tn- » • • . 35 accessed by processor 12. This allows for great flexibiLtym 

SMMU 13 IS page modular^ The timuig requirements are S>e external memory, main memory 14 and the 

greatly reduced since soft SMMU 13 only compares an individual pages, 
address received on an external bus to the page boundaries 

in the page registers within soft SMMU 13. Soft SMMU 13 ^ P^S^ ^^^^ 13 determines there is a 

can abort the cycle at Ihe end of the memory transaction, ^^^^^^ ^^^^^^ 21 results in, for a 
therefore soft SMMU 13 does not have to make a compari- ^ P^^e X, the EQ flag being asserted (EQX) and the page 

son at the beginning of the cycle. Since data is moved by ^^'""^ ^"^'^^^^ (ENABLEX). Thus there is a HIT on page 0 

system processor 12, there are no special DMA ports or EQO AND ENABLED. There is a HIT on page 1 for EQl 

DMA busses that are necessary System processor 13 can ^ ENABLEl. There is a HIT on page N for EQN AND 

move the data on the mcmory bus 11. ENABLEN. 

Hie pages that are cached by system processor 12 can be ^^^^^ °° f"^'^ ^^^^^ ^1 is used to access a value 

stored as pages 15 in main memory 14, which serves as P'S^^ '"^^ is a fetch 

scratch memory space for processor 12. Soft SMMU 13 is command and the address on address lines 21 results in a 

a simple peripheral attached to processor bus 11. WITHIN flag on a line 33 is asserted true. 

Soft SMMU 13 monitors address requested by system 50 ^^^^ "^^^^""^ ^ '"^^ "^^^^ ^^^'^ ^ ^ f^^^*^ 

processor 12 for an instruction or data operation that is command and the address on address Unes 21 does not result 

within the page limits of secure information stored in an ^ WITHIN flag on a Ime 33 is asserted true, 

external system memory. The external system memory is ^^'^ ^^^'""^ P^S® "^^^ swapped in from 

external to the integrated circuit. Limit register within soft ^xUrmX system memory and decrypted. If necessary a 
SMMU 13 indicate the page Hmits of secure information 55 P^S^ ^ swapped out of mam memory 14 to make room for 

stored in the external system memory. If the data requested page. 

by system processor 12 is within the page limits of secure When soft SMMU 13 detects a fetch command, the 

information stored in the external system memory but is not address on address lines 21 results in a HIT and the WITHIN 

located on a page that is currently held in main memory 14, flag on a line 33 is not asserted true, then the memory 

soft SMMU 13 wiU abort the operation using an abort line ^ansaction does not involve secure information. 

17. The last used page is determined by latching the EQO 

FIG. 2 is a simplified block diagram of soft SMMU 13. through EQN values. 

Limit registers 22 store page limits for secure information System processor 12 is the engine which performs nec- 

within an external system memory external to the integrated essary SMMU operations to allow encrypted data external to 
circuit. A comparison circuit 23 compares the page limits in 65 the integrated circuit to be utilized by system processor 12. 

limit registers 22 with an address on address lines 21 of In a preferred embodiment, processor performs encryption 

processor bus 11. When the address on address lines 21 is and decryption using encryption engine 40. Altematively, as 
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discussed above, system processor 12 can perform encryp- 
tion and decryption using software algorithms. 



Table 2 below gives pseudo code executed by system 
processor 12 in the SMMU ABORT PAGING STATE. 



Also, in the preferred embodiment, encryption engine 40 
encrypts data using a DBS decrypt operation. Similarly, 
encryption engine 40 decrypts data using a DES encrypt 
operation. The reason this is done is because the DES 
decrypt process is self correcting if there is an error. If 
somehow the data does get corrupted in the external system 
memory the error should not be corrected when using the 
SMMU processes to page the data. In the discussion below, 
the decryption of data will be described as a decryption 
operation (even though in the preferred embodiment the 
decryption is actually performed using a DES encrypt). 
Likewise, in the discussion below, the encryption of data 
will be described as an encryption operation (even though in 
the preferred embodiment the encryption is actually per- 
formed using a DES decrypt). 

Two main states of system processor 12 are used for 
SMMU processing: SMMU BOOT/INITIALIZATION 
STATE, and SMMU ABORT PAGING STATE. 

System processor 12 enters SMMU BOOT/ 
INITLALIZATION STATE anytime integrated circuit gets a 
reset. The purpose of this state is to test the functionahty of 
soft SMMU 13 and verify the first page of instructions to be 
executed can be decrypted correctly before being executed 
by system processor 12. In the /INITIALIZATION STATE, 
system processor 12 will setup the decrypt operation, read in 
the first page, verify the first page is vahd and jump to the 
first instruction of the first page. 

Table 1 below gives pseudo code executed by system 
processor 12 in SMMU BOOT/INITIAUZATION STATE. 

TABLE 1 

Load in the initial DES SMMU key from one time programmable 
memory; 

Set Up decryption (DES encrypt operation) for an incoming page; 
Load in the initial page from external memory; 
Perform a checksum on this first page; 
if checksum does not pass then 
Error-halt the processor; 

else 

enable the SMMU processing; 

Jump to the first address of the first page (Normal execution); 
cndif. 



TABLE 2 



10 



15 



20 



System processor 12 enters the SMMU ABORT state 
anytime a page miss is detected (i.e., upon receiving an abort 
signal on abort line 17). The purpose of SMMU ABORT 
state is to handle the page miss and read in the new page. In 
SMMU ABORT state, system processor 12 determines the 
next page to use. If an existing page needs to be written back 
to system (external) memory, system processor 12 sets up 
encryption engine 40 to perform an encryption operation, 
and then downloads the encrypted page to the external 
system memory. System processor than sets up encryption 
engine 40 to decrypt the incoming page, and uploads the 
external memory page to be decrypted and placed in pages 
15 of main memory 14. System processor 12 then returns to 
execution of the interrupted instmction. 



30 



Determine the next page (in pages 15) to use (next__page); 
save the DES context (e.g. the DES parameters, mode/status/iv); 
setup the DES to perform SMMU operations; 
if ( the current_page (currently residing in pages 15 which Is to be 
replaced by next^_page) has data in it that should be written back) then 

save the currcnt__page value; 

Setup for encryption (using DES decrypt operation) 

- a page is composed of 1, 2, 4 or 8 blocks of 64 words 

- writeback the values of the current_page; 
for (i " 0, i <- page_blk_si2e, i++) 

Set the IV for the current page; 

Encrypt (using DES dcCT)^)! operation) each word for this 64 word 
block and write the encrypted word to its respective external 
memory location; 
end-for; 

clear the write back bit for the page location in pages 15; 
restore the currcnt_page value; 
end-if; 

disable the next_pagc; 

change the basc_addr for aext_page 

Setup for decryption (using DES encrypt operation) 

- a page is composed of 1, 2, 4 or 8 blocks of 64 words 

- Page in the new data; 

for (1 » 0, i <« page_blk_size, i++) 
Set the IV for the current page 

Decrypt (using DES encrypt operation) each word for this 64 word 
block and write the decrypted word to its respective external memory 
location; 
end-for; 

restore DES context; 

disable interrupts; 

enable the page; 

clear the page Hit signal; 

calculate the new link register value; 

enable interrupts; 

return to the aborted instruction. 



35 

FIG. 3 is a simplified block diagram which shows data 
flow of secure information from an external system memory 
45 into a cache memory (pages 15 of main memory 14) for 
system processor 12. A page of information from secure 
4Q information 46 of external system memory 45 is received by 
an SMMU function 47 of the integrated circuit. For 
example, the page of information contains secure instruc- 
tions to be executed, or secure data to be used, by system 
processor 12. As discussed above, SMMU function 47 is 
implemented by soft SMMU hardware 13 and SMMU 
processes running on system processor 12. 

SMMU function 47 uses encryption engine 40 (or algo- 
rithms run by system processor 12) to decrypt the page of 
secure information, and places the decrypted information 
within pages 15 of main memory 14. Processor 12 can then 
access the decrypted information. 

FIG. 4 shows usage of registers within soft SMMU 13. 
Limit registers 22 store page limits for secure information 
within secure information 46 of external system memory 45 
system. For example, limit registers 22 include a register 
which contains a lower limit to a section A and an upper limit 
to section A of secure information 46, as shown in FIG. 4. 
Limits for additional segments also may be stored in limit 
registers 22, as illustrated by the register which contains a 
lower limit to a section B and the register which contains an 
upper limit to section B. 

Current page information registers 51 identify addresses 
of pages currently in pages 15 of main memory 14. These 
pages, as needed, are moved back and forth from secure 
information 46 of external system memory 45 system, as 
65 described above. Use of current page information registers 
51 is described more fully above in the discussion of 
registers 24, 26 and 28 shown in FIG. 2. 



45 



50 



55 



60 



11/19/2003, EAST version: 1.4.1 



6,003,117 

7 8 

FIG, 5 illustrates what happens when a page miss occurs. 2. An integrated circuit as in claim 1 wherein the soft 

A page miss is initiated when a program counter 82 for SMMU comprises: 

system processor 12 encounters an address which is not limit registers which indicate where in the external 

currently in main memory (SRAM) 14. Soft SMMU hard- memory the encrypted data is stored; and, 
ware 13 detects this as described above. Upon detection, soft 5 current page information registers which indicate infor- 

SMMU 13 signals processor 12 on abort line 17. llie mation about pages of data stored in the main memory. 

SMMU process then lakes control. If the requested address 3. An integrated circuit as in claim 2- wherein the soft 

is within either the A or B limits (as set out in limit registers SMMU additionally comprises: 

22), the SMMU process claims the address and begins the first comparison means for determining whether an 

process of fetching the page. Otherwise, the SMMU process 10 address of the first data is within a range specified by 

will not claim the address and instead will allow a memory the limit registers. 

controller 85 to fetch the data. 4. An integrated circuit as in claim 2 wherein the soft 

Once the SMMU process claims the address (that is soft SMMU additionally comprises:- 

SMMU 13 has asserted the abort signal on abort line 17) a hi* comparison means for determining whether an address 

series of events occur as described above. The SMMU of the first data is within the pages of data stored in the 

process writes a page back from pages 15, if necessary, and main memory, 

determines which of pages 15 to replace and computes the 5. An integrated circuit as in claim 1 wherein the inte- 

Page IV in registers 81. Page IV and seed 14 arc specific to grated circuit includes an encryption engine which the 

DES encryption. Page IV is used in coordination with seed processor uses to decrypt the first data. 

IV to create a unique startup value for each 64 word block. <»• An encryption circuit as in claim 5 wherein the encryp- 

The method for determining the page to swap is as follows: engine performs a DES encrypt operation to decrypt the 

first data. 

Next Page=(Ust hit Pagc+1) mod 4 7. An integrated circuit as in claim 1 when second data 

needs to swapped back from the main memory to the 

Last hit page is the page which was most recently hit. external memory, the processor oversees encryption of the 

Hence the algorithm is cyclic in that it simply picks the next second data and oversees transfer of the second data to the 

page in sequence. external memory. 

The external page from secure pages 46 in external ^ integrated circuit as in claim 7 wherein the inte- 

system memory 45 is loaded into the input registers of gi^^ted circuit includes an encryption engine which the 

encryption engine 40 and decryption begins. The output processor uses to encrypt the second data, 

registers of encryption engine 40 are then moved into the 9. An encryption circuit as in claim 8 wherein the encryp- 

appropriale page within pages 15 of main memory 14. The ^^0° engine performs a DES decrypt operation to encrypt the 

SMMU process will also update the missed page register second data. 

which indicates which page was most recently swapped. 1®- ^ integrated circuit as in claim 1 additionally com- 

Once the page has been loaded into pages 15, the SMMU prising a memory controller used to access unencrypted data 

process re-enables normal processing of processor 12. stored in the external memory. 

Awrite back occurs if two conditions are met: the external ^ "^^^^'^^ integrated circuit accesses 

memory limit range is write back enabled and the page being encrypted data stored m an external memory, the method 

swapped out has changed. Only external system memory 45 composing the followmg steps: 

is write back enabled, not pages 15 of main memory 14. (a) storing decrypted data in a main memory within the 

The foregoing discussion discloses and describes merely integrated circuit, 

exemplary methods and embodiments of the present inven- (*^) ^ti^i^ing decrypted data in the main memory by a 

tion. As will be understood by those familiar with the art, the processor; and, 

invention may be embodied in other specific fonns without 45 (c) monitoring, by a soft secure memory management unit 

departing from the spirit or essential characteristics thereof. (SMMU), data accesses made by the processor; 

Accordingly, the disclosure of the present invention is (d) signaling the processor by the soft SMMU, when the 

intended to be illustrative, but not limiting, of the scope of processor attempts to access first data which is not 

the invention, which is set forth in the following claims. within the decrypted data in the main memory but is 

We claim: 50 within the encrypted data stored in the external 

1. An integrated circuit which accesses encrypted data memory; and, 

stored in an external memory, the integrated circuit com- (e) performing, by the processor, the following substeps 

prising: when in step (d) the soft SMMU signals the processor, 

, . , , . (e.l) overseeing transfer of the first data from the 

a main memory for stonng decrypted data; ^^^^^^^ ^^^^^^ 

a processor which utilizes the decrypted data in the main (e.2) overseeing decryption of the first data. 

memory; and, 12. A method as in claim 11 wherein step (c) includes the 

a soft secure memory management unit (SMMU), the soft following substep: 

SMMU monitoring data accesses by the processor and (c. 1) comparing, by the soft SMMU, an address of the first 

signaling the processor when the processor attempts to data to determine whether the address is within a range 

access first data which is not within the decrypted data specified by limit registers. 

in the main memory but is within the encrypted data 13. A method as in claim 11 wherein step (c) includes the 

stored in the external memory; following substep: 

wherein when the soft SMMU signals the processor, the (c.l) comparing, by the soft SMMU, an address of the first 

processor oversees transfer of the first data from the 65 data within current page information registers to deter- 

external memory and oversees decryption of the first mine whether the first data is within the pages of data 

data. stored in the main memory. 
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14. A method as in claim 11 wherein subsiep (e.l) 
includes the following substep: 

using an encryption engine, overseen by the processor, to 
decrypt the first data. 

15. A method as in claim U wherein in substep (c.l) the s 
encryption engine performs a DES encrypt operation to 
decrypt the first data. 

16. A method as in claim 11 wherein step (e) includes the 
following substeps performed before substep (e.l) when in 
step (d) the soft SMMU signals the processor: 10 

(e.3) overseeing, by the processor, encryption of the 

second data; and, 
(e.4) overseeing, by the processor, transfer of the second 

data to the external memory. 



10 



17. A method as in claim 16 wherein substep (e.3) 
includes the following substep: 

using an encryption engine, overseen by the processor, to 
encrypt the second data. 

18. A method as in claim 17 wherein in substep (e.3) the 
encryption engine performs a DES decrypt operation to 
encrypt the second data. 

19. A method as in claim 11 additionally comprising the 
following step: 

(f) accessing unencrypted data stored in the external 
memory using a memory controller within the inte- 
grated circuit. 
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